-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Conditional Integration Usage #2128
Comments
Hello @BenB196, thanks for opening this ticket 🙂 a few questions for clarification: From what I understand, you are attempting to run KSPM. Is that correct? Would you mind sharing more information about your deployment?
Can you provide more details about your intended workflow? Will the conditions you set determine whether or not KSPM runs, or is there a more complex workflow involved? |
Hi @oren-zohar,
Yes, attempting to run KSPM, Kubernetes Security Posture Management.
Sure, today, we have a large number of Kubernetes clusters spread across both on-prem deployments and AWS EKS. Overall, we segment our clusters into "environments", and for each environment we try and keep one (1) Elastic Agent policy that does everything, to reduce the amount of policy management if something needs to change.
The intended workflow, is that we're able to define one or more KSPM integrations (or configurations) that are assigned to the same Elastic Agent policy, that based on conditions would determine which KSPM integration (or configuration) would be used/run. A simple example would be that I would like to configure one KSPM integration for "self-managed" and another for "EKS". I'd then like to define a condition that would determine which would run. For clarity, could use the example condition; if |
Hi so after looking into it, it seems like to support conditions in the Cloud Posture integrations we need to do two things:
I'll open a ticket so you can track the progress of this request, cc @smriti0321 |
Is your feature request related to a problem? Please describe.
As an operator of Kubernetes on multiple platforms (AWS, Self-managed, GCP, Azure, etc...). I'd like to maintain a single Elastic Agent policy, while specifying multiple Security Posture Management integrations that are conditionally run depending on specific conditions.
Describe the solution you'd like
It would be nice if Security Posture Management integrations supported Elastic Agent conditions. This would allow an operator to choose when and where these integrations run, while using the same policy.
Describe alternatives you've considered
Additional context
The lack of this feature and the overhead (or lack) of alternatives, currently dissuades us from adopting these features.
The text was updated successfully, but these errors were encountered: